Description
IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
Published: 2026-02-24
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability allows an attacker to cause a denial of service by sending an invalid U-format frame to a device running the Hitachi Energy RTU500 series CMU firmware that has IEC 60870-5-104 bi‑directional functionality enabled. The fault occurs during frame reception, leading to an indefinite hang or reset of the communication stack. This weakness is categorized as CWE‑184 and carries a CVSS score of 8.7, indicating a high severity.

Affected Systems

This defect affects the Hitachi Energy RTU500 series CMU firmware used in RTU520, RTU530, RTU540, and RTU560 devices. All models running firmware version 13.8.1 are known to be vulnerable, as are devices operating any prior firmware that includes the same vulnerable code path.

Risk and Exploitability

The likelihood of exploitation is reflected in an EPSS score of less than 1 %, suggesting that known exploitations are rare or limited. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, but the high CVSS still warrants remediation. An attacker would need network access to the IEC 60870-5-104 channel and the ability to transmit malformed frames; enabling secure communication per IEC 62351‑3 mitigates the risk but does not eliminate the vulnerability.

Generated by OpenCVE AI on April 16, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the firmware on all affected RTU520, RTU530, RTU540, and RTU560 units to a version that addresses the U‑format frame handling issue.
  • If an immediate firmware update is impractical, disable the bi‑directional IEC 60870‑5‑104 mode on devices that do not require it to prevent the fault condition.
  • Activate secure transmission as defined in IEC 62351‑3 to reduce the chance that malicious frames can be delivered, and monitor the IEC 60870‑5‑104 traffic for suspicious activity.

Generated by OpenCVE AI on April 16, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via Invalid U-Format Frame in IEC 60870-5-104

Sat, 28 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Hitachienergy rtu520
Hitachienergy rtu520 Firmware
Hitachienergy rtu530
Hitachienergy rtu530 Firmware
Hitachienergy rtu540
Hitachienergy rtu540 Firmware
Hitachienergy rtu560
Hitachienergy rtu560 Firmware
CPEs cpe:2.3:h:hitachienergy:rtu520:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu530:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu540:-:*:*:*:*:*:*:*
cpe:2.3:h:hitachienergy:rtu560:-:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu520_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu530_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu540_firmware:13.8.1:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hitachienergy:rtu560_firmware:13.8.1:*:*:*:*:*:*:*
Vendors & Products Hitachienergy rtu520
Hitachienergy rtu520 Firmware
Hitachienergy rtu530
Hitachienergy rtu530 Firmware
Hitachienergy rtu540
Hitachienergy rtu540 Firmware
Hitachienergy rtu560
Hitachienergy rtu560 Firmware
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Wed, 25 Feb 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Hitachienergy
Hitachienergy rtu500 Firmware
Vendors & Products Hitachienergy
Hitachienergy rtu500 Firmware

Tue, 24 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20 CWE-184

Tue, 24 Feb 2026 13:30:00 +0000

Type Values Removed Values Added
Description IEC 60870-5-104: Potential Denial of Service impact on reception of invalid U-format frame. Product is only affected if IEC 60870-5-104 bi-directional functionality is configured. Enabling secure communication following IEC 62351-3 does not remediate the vulnerability but mitigates the risk of exploitation.
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hitachienergy Rtu500 Firmware Rtu520 Rtu520 Firmware Rtu530 Rtu530 Firmware Rtu540 Rtu540 Firmware Rtu560 Rtu560 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: Hitachi Energy

Published:

Updated: 2026-02-28T02:20:00.192Z

Reserved: 2026-02-02T16:28:59.394Z

Link: CVE-2026-1773

cve-icon Vulnrichment

Updated: 2026-02-28T02:19:54.971Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-24T14:16:22.420

Modified: 2026-02-27T18:56:20.460

Link: CVE-2026-1773

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T16:30:15Z

Weaknesses